Introduction
A Secret holds secret data for pods to consume.
API group | Resource | Kube Skeleton |
---|---|---|
core/v1 | Secret | skel |
Here's an example Kubernetes Secret:
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
The following sections contain detailed information about each field in Short syntax, including how the field translates to and from Kubernetes syntax.
API Overview
Field | Type | K8s counterpart(s) | Description |
---|---|---|---|
version | string | apiVersion | The version of the resource object |
cluster | string | metadata.clusterName | The name of the cluster on which this Secret is running |
name | string | metadata.name | The name of the Secret |
namespace | string | metadata.namespace | The K8s namespace this Secret will be a member of |
labels | string | metadata.labels | Metadata about the Secret, including identifying information |
annotations | string | metadata.annotations | Non-identifying information about the Secret |
data | map[string][]byte | data | Base64 encoded secret data |
string_data | map[string]string | stringData | Non-Binary secret data in string form can be stored using this field |
type | string | secretType | Types used to facilitate programmatic handling of secrets. See Secret Types |
Secret Types
Secret Type | Description |
---|---|
opaque | Default type. Arbitrary user defined data |
kubernetes.io/service-account-token | Secret contains a token that identifies a service account to the API. See Service Account Secrets |
kubernetes.io/dockercfg | Secret contains a dockercfg file that follows the same format rules as ~/.dockercfg. See Docker Config Secrets |
kubernetes.io/dockerconfigjson | Secret contains a dockercfg file that follows the same format rules as ~/.docker/config.json. See Docker Config JSON secrets |
kubernetes.io/basic-auth | Secret contains credentials for basic auth. See Basic Auth Secrets |
kubernetes.io/ssh-auth | Secret contains credentials for SSH auth. See SSH Auth Secrets |
kubernetes.io/tls | Secret contains information about a TLS server or client certificate. See TLS Secrets |
Service Account Secrets
If the secret type is set to kubernetes.io/service-account-token, then the secret should have the following required fields:
Field | Description |
---|---|
Secret.Annotations["kubernetes.io/service-account.name"] | The name of the ServiceAccount the token identifies |
Secret.Annotations["kubernetes.io/service-account.uid"] | The UID of the ServiceAccount the token identifies |
Secret.Data["token"] | A token that identifies the service account to the API |
Docker Config Secrets
If the secret type is set to kubernetes.io/dockercfg, then the secret should have the following required field:
Field | Description |
---|---|
Secret.Data[".dockercfg"] | A serialized ~/.dockercfg file |
Docker Config JSON Secrets
If the secret type is set to kubernetes.io/dockerconfigjson, then the secret should have the following required field:
Field | Description |
---|---|
Secret.Data[".dockerconfigjson"] | A serialized ~/.docker/config.json file |
Basic Auth Secrets
If the secret type is set to kubernetes.io/basic-auth, then the secret should have at least one of the following fields:
Field | Description |
---|---|
Secret.Data["username"] | Username used for authentication |
Secret.Data["password"] | Password or token needed for authentication |
SSH Auth Secrets
If the secret type is set to kubernetes.io/ssh-auth, then the secret should have the following required field:
Field | Description |
---|---|
Secret.Data["ssh-privatekey"] | Private SSH key needed for authentication |
TLS Secrets
If the secret type is set to kubernetes.io/tls, then the secret should have the following required fields:
Field | Description |
---|---|
Secret.Data["tls.key"] | TLS private key |
Secret.Data["tls.crt"] | TLS certificate |
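The required-field tables for each secret type can be checked mechanically before a manifest is applied. The following is an added example, not part of Short or Kubernetes: `check_secret` and its constants are hypothetical names, it assumes the body of a Short `secret:` mapping has already been loaded into a dict, and it reads `Secret.Data` and `Secret.Annotations` from the Short `data` and `annotations` fields. It also decodes each `data` value, which shows that base64 is only an encoding: anyone who can read the manifest can recover the values.

```python
import base64
import binascii

# Required keys per secret type, transcribed from the tables on this page.
REQUIRED_DATA = {
    "kubernetes.io/service-account-token": ["token"],
    "kubernetes.io/dockercfg": [".dockercfg"],
    "kubernetes.io/dockerconfigjson": [".dockerconfigjson"],
    "kubernetes.io/ssh-auth": ["ssh-privatekey"],
    "kubernetes.io/tls": ["tls.key", "tls.crt"],
}
REQUIRED_ANNOTATIONS = {"kubernetes.io/service-account-token": [
    "kubernetes.io/service-account.name", "kubernetes.io/service-account.uid"]}
ANY_OF_DATA = {"kubernetes.io/basic-auth": ["username", "password"]}


def check_secret(secret):
    """Return (decoded_data, problems) for the body of a Short `secret:` mapping."""
    stype = secret.get("type", "opaque")
    data = secret.get("data") or {}
    annotations = secret.get("annotations") or {}
    decoded, problems = {}, []
    for key, value in data.items():
        try:
            # validate=True rejects characters outside the base64 alphabet
            decoded[key] = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError, TypeError):
            problems.append(f"data[{key!r}] is not valid base64")
    for key in REQUIRED_DATA.get(stype, []):
        if key not in data:
            problems.append(f"{stype} requires data[{key!r}]")
    for key in REQUIRED_ANNOTATIONS.get(stype, []):
        if key not in annotations:
            problems.append(f"{stype} requires annotations[{key!r}]")
    any_of = ANY_OF_DATA.get(stype)
    if any_of and not any(k in data for k in any_of):
        problems.append(f"{stype} requires one of data{any_of}")
    return decoded, problems


# The page's example secret, as the dict a YAML loader would produce.
PAGE_EXAMPLE = {"name": "mysecret", "type": "opaque", "version": "v1",
                "data": {"password": "MWYyZDFlMmU2N2Rm", "username": "YWRtaW4="}}
# Constructed sample: TLS secret with no certificate and an unencoded key value.
BAD_TLS = {"name": "web-tls", "type": "kubernetes.io/tls",
           "data": {"tls.key": "not base64!"}}

if __name__ == "__main__":
    print(check_secret(PAGE_EXAMPLE))
    print(check_secret(BAD_TLS))
```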
Examples
- Secret example
secret:
  data:
    password: MWYyZDFlMmU2N2Rm
    username: YWRtaW4=
  name: mysecret
  type: opaque
  version: v1
Skeleton
Short Type | Skeleton |
---|---|
Secret | skel |
Here's a starter skeleton of a Short Secret.
secret:
  data:
    password: MWYyZDFlMmU2N2Rm
    username: YWRtaW4=
  name: mysecret
  type: opaque
  version: v1